package com.fengli.task.uitl.auth;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * 目前没用
 * @Description:
 * @Author: fengli
 * @Date 4/22/19 4:14 PM
 */
/*@Configuration
@EnableWebSecurity*/
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * configure(HttpSecurity http)在这里配置，而不是ResourceServerConfiguration
     * @param http
     * @throws Exception
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable().authorizeRequests().antMatchers("/login","/signUp").permitAll().and()
        .authorizeRequests().anyRequest().hasRole("USER");
    }

    /*下面的好些没其左右，移到AuthenticationConfigurer就起作用了*/
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
                .inMemoryAuthentication()
                .withUser("user")
                .password("password")
                .roles("USER");
    }
}
